<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
    <title>Authenticating with AuthSub - Zend Framework Manual</title>

    <link href="../css/shCore.css" rel="stylesheet" type="text/css" />
    <link href="../css/shThemeDefault.css" rel="stylesheet" type="text/css" />
    <link href="../css/styles.css" media="all" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Zend Framework</h1>
<h2>Programmer's Reference Guide</h2>
<ul>
    <li><a href="../en/zend.gdata.authsub.html">Inglês (English)</a></li>
    <li><a href="../pt-br/zend.gdata.authsub.html">Português Brasileiro (Brazilian Portuguese)</a></li>
</ul>
<table width="100%">
    <tr valign="top">
        <td width="85%">
            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.gdata.introduction.html">Introduction</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.gdata.html">Zend_Gdata</a></span><br />
                        <span class="home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.gdata.books.html">Using the Book Search Data API</a></div>
                    </td>
                </tr>
            </table>
<hr />
<div id="zend.gdata.authsub" class="section"><div class="info"><h1 class="title">Authenticating with AuthSub</h1></div>
    

    <p class="para">
        The AuthSub mechanism enables you to write web applications
        that acquire authenticated access Google Data services,
        without having to write code that handles user credentials.
    </p>

    <p class="para">
        See <a href="http://code.google.com/apis/accounts/AuthForWebApps.html" class="link external">&raquo; http://code.google.com/apis/accounts/AuthForWebApps.html</a>
        for more information about Google Data AuthSub authentication.
    </p>

    <p class="para">
        The Google documentation says the ClientLogin mechanism is appropriate
        for &quot;installed applications&quot; whereas the AuthSub mechanism is
        for &quot;web applications.&quot; The difference is that AuthSub requires
        interaction from the user, and a browser interface that can react
        to redirection requests. The ClientLogin solution uses <acronym class="acronym">PHP</acronym> code to
        supply the account credentials; the user is not required to enter her
        credentials interactively.
    </p>

    <p class="para">
        The account credentials supplied via the AuthSub mechanism are
        entered by the user of the web application. Therefore they must be
        account credentials that are known to that user.
    </p>

    <blockquote class="note"><p><b class="note">Note</b>: <span class="info"><b>Registered applications</b><br /></span>
        

        <p class="para">
            <span class="classname">Zend_Gdata</span> currently does not support use of secure tokens,
            because the AuthSub authentication does not support passing a digital certificate
            to acquire a secure token.
        </p>
    </p></blockquote>

    <div class="section" id="zend.gdata.authsub.login"><div class="info"><h1 class="title">Creating an AuthSub authenticated Http Client</h1></div>
        

        <p class="para">
            Your <acronym class="acronym">PHP</acronym> application should provide a hyperlink to the
            Google <acronym class="acronym">URL</acronym> that performs authentication. The static function
             <span class="methodname">Zend_Gdata_AuthSub::getAuthSubTokenUri()</span>
            provides the correct <acronym class="acronym">URL</acronym>. The arguments to this function include
            the <acronym class="acronym">URL</acronym> to your <acronym class="acronym">PHP</acronym> application so that Google can
            redirect the user&#039;s browser back to your application after the user&#039;s
            credentials have been verified.
        </p>

        <p class="para">
            After Google&#039;s authentication server redirects the user&#039;s browser
            back to the current application, a <b><tt>GET</tt></b> request parameter is set,
            called <em class="emphasis">token</em>. The value of this parameter is a single-use token
            that can be used for authenticated access. This token can be converted into a multi-use
            token and stored in your session.
        </p>

        <p class="para">
            Then use the token value in a call to
             <span class="methodname">Zend_Gdata_AuthSub::getHttpClient()</span>.
            This function returns an instance of <span class="classname">Zend_Http_Client</span>,
            with appropriate headers set so that subsequent requests your
            application submits using that <acronym class="acronym">HTTP</acronym> Client are also authenticated.
        </p>

        <p class="para">
            Below is an example of <acronym class="acronym">PHP</acronym> code for a web application
            to acquire authentication to use the Google Calendar service
            and create a <span class="classname">Zend_Gdata</span> client object using that authenticated
            <acronym class="acronym">HTTP</acronym> Client.
        </p>

        <pre class="programlisting brush: php">
$my_calendar = &#039;http://www.google.com/calendar/feeds/default/private/full&#039;;

if (!isset($_SESSION[&#039;cal_token&#039;])) {
    if (isset($_GET[&#039;token&#039;])) {
        // You can convert the single-use token to a session token.
        $session_token =
            Zend_Gdata_AuthSub::getAuthSubSessionToken($_GET[&#039;token&#039;]);
        // Store the session token in our session.
        $_SESSION[&#039;cal_token&#039;] = $session_token;
    } else {
        // Display link to generate single-use token
        $googleUri = Zend_Gdata_AuthSub::getAuthSubTokenUri(
            &#039;http://&#039;. $_SERVER[&#039;SERVER_NAME&#039;] . $_SERVER[&#039;REQUEST_URI&#039;],
            $my_calendar, 0, 1);
        echo &quot;Click &lt;a href=&#039;$googleUri&#039;&gt;here&lt;/a&gt; &quot; .
             &quot;to authorize this application.&quot;;
        exit();
    }
}

// Create an authenticated HTTP Client to talk to Google.
$client = Zend_Gdata_AuthSub::getHttpClient($_SESSION[&#039;cal_token&#039;]);

// Create a Gdata object using the authenticated Http Client
$cal = new Zend_Gdata_Calendar($client);
</pre>

    </div>

    <div class="section" id="zend.gdata.authsub.logout"><div class="info"><h1 class="title">Revoking AuthSub authentication</h1></div>
        

        <p class="para">
            To terminate the authenticated status of a given token, use the
             <span class="methodname">Zend_Gdata_AuthSub::AuthSubRevokeToken()</span>
            static function. Otherwise, the token is still valid for
            some time.
        </p>

        <pre class="programlisting brush: php">
// Carefully construct this value to avoid application security problems.
$php_self = htmlentities(substr($_SERVER[&#039;PHP_SELF&#039;],
                         0,
                         strcspn($_SERVER[&#039;PHP_SELF&#039;], &quot;\n\r&quot;)),
                         ENT_QUOTES);

if (isset($_GET[&#039;logout&#039;])) {
    Zend_Gdata_AuthSub::AuthSubRevokeToken($_SESSION[&#039;cal_token&#039;]);
    unset($_SESSION[&#039;cal_token&#039;]);
    header(&#039;Location: &#039; . $php_self);
    exit();
}
</pre>


        <blockquote class="note"><p><b class="note">Note</b>: <span class="info"><b>Security notes</b><br /></span>
            

            <p class="para">
                The treatment of the <var class="varname">$php_self</var> variable in the
                example above is a general security guideline, it is not
                specific to <span class="classname">Zend_Gdata</span>. You should always filter content you
                output to <acronym class="acronym">HTTP</acronym> headers.
            </p>

            <p class="para">
                Regarding revoking authentication tokens, it is recommended to
                do this when the user is finished with her Google Data session.
                The possibility that someone can intercept the token and use
                it for malicious purposes is very small, but nevertheless it is
                a good practice to terminate authenticated access to any service.
            </p>
        </p></blockquote>
    </div>
</div>
        <hr />

            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.gdata.introduction.html">Introduction</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.gdata.html">Zend_Gdata</a></span><br />
                        <span class="home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.gdata.books.html">Using the Book Search Data API</a></div>
                    </td>
                </tr>
            </table>
</td>
        <td style="font-size: smaller;" width="15%"> <style type="text/css">
#leftbar {
	float: left;
	width: 186px;
	padding: 5px;
	font-size: smaller;
}
ul.toc {
	margin: 0px 5px 5px 5px;
	padding: 0px;
}
ul.toc li {
	font-size: 85%;
	margin: 1px 0 1px 1px;
	padding: 1px 0 1px 11px;
	list-style-type: none;
	background-repeat: no-repeat;
	background-position: center left;
}
ul.toc li.header {
	font-size: 115%;
	padding: 5px 0px 5px 11px;
	border-bottom: 1px solid #cccccc;
	margin-bottom: 5px;
}
ul.toc li.active {
	font-weight: bold;
}
ul.toc li a {
	text-decoration: none;
}
ul.toc li a:hover {
	text-decoration: underline;
}
</style>
 <ul class="toc">
  <li class="header home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></li>
  <li class="header up"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></li>
  <li class="header up"><a href="reference.html">Refer&ecirc;ncia do Zend Framework</a></li>
  <li class="header up"><a href="zend.gdata.html">Zend_Gdata</a></li>
  <li><a href="zend.gdata.introduction.html">Introduction</a></li>
  <li class="active"><a href="zend.gdata.authsub.html">Authenticating with AuthSub</a></li>
  <li><a href="zend.gdata.books.html">Using the Book Search Data API</a></li>
  <li><a href="zend.gdata.clientlogin.html">Authenticating with ClientLogin</a></li>
  <li><a href="zend.gdata.calendar.html">Using Google Calendar</a></li>
  <li><a href="zend.gdata.docs.html">Using Google Documents List Data API</a></li>
  <li><a href="zend.gdata.health.html">Using Google Health</a></li>
  <li><a href="zend.gdata.spreadsheets.html">Using Google Spreadsheets</a></li>
  <li><a href="zend.gdata.gapps.html">Using Google Apps Provisioning</a></li>
  <li><a href="zend.gdata.gbase.html">Using Google Base</a></li>
  <li><a href="zend.gdata.photos.html">Using Picasa Web Albums</a></li>
  <li><a href="zend.gdata.youtube.html">Using the YouTube Data API</a></li>
  <li><a href="zend.gdata.exception.html">Catching Gdata Exceptions</a></li>
 </ul>
 </td>
    </tr>
</table>

<script type="text/javascript" src="../js/shCore.js"></script>
<script type="text/javascript" src="../js/shAutoloader.js"></script>
<script type="text/javascript" src="../js/main.js"></script>

</body>
</html>